Category: Cybersecurity

Jun 24, 2025Ravie LakshmananCloud Security / Cryptojacking

Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments.

“Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activities while deploying crypto miners,” Trend Micro researchers Sunil Bharti and Shubham Singh said in an analysis published last week.

In using Tor, the idea is to anonymize their origins during the installation of the miner on compromised systems. The attacks, per the cybersecurity company, commence with a request from the IP address 198.199.72[.]27 to obtain a list of all containers on the machine.

If no containers are present, the attacker proceeds to create a new one based on the “alpine” Docker image and mounts the “/hostroot” directory – i.e., the root directory (“/”) of the physical or virtual host machine – as a volume inside it. This behavior poses security risks as it allows the container to access and modify files and directories on the host system, resulting in a container escape.

The threat actors then execute a carefully orchestrated sequence of actions that involves running a Base64-encoded shell script to set up Tor on the container as part of the creation request and ultimately fetch and execute a remote script from a .onion domain (“wtxqf54djhp5pskv2lfyduub5ievxbyvlzjgjopk6hxge5umombr63ad[.]onion”)

“It reflects a common tactic used by attackers to hide command-and-control (C&C) infrastructure, avoid detection, and deliver malware or miners within compromised cloud or container environments,” the researchers said. “Additionally, the attacker uses ‘socks5h’ to route all traffic and DNS resolution through Tor for enhanced anonymity and evasion.”

Once the container is created, the “docker-init.sh” shell script is deployed, which then checks for the “/hostroot” directory mounted earlier and modifies the system’s SSH configuration to set up remote access by enabling root login and adding an attacker-controlled SSH key into the ~/.ssh/authorized_keys file.

The threat actor has also been found to install various tools like masscan, libpcap, zstd, and torsocks, beacon to the C&C server details about the infected system, and ultimately deliver a binary that acts as a dropper for the XMRig cryptocurrency miner, along with the necessary mining configuration, the wallet addresses, and mining pool URLs.

“This approach helps attackers avoid detection and simplifies deployment in compromised environments,” Trend Micro said, adding it observed the activity targeting technology companies, financial services, and healthcare organizations.

The findings point to an ongoing trend of cyber attacks that target misconfigured or poorly secured cloud environments for cryptojacking purposes.

The development comes as Wiz revealed that a scan of public code repositories has uncovered hundreds of validated secrets in mcp.json, .env, and AI agent configuration files and Python notebooks (.ipynb), turning them into a treasure trove for attackers.

The cloud security firm said it found valid secrets belonging to over 30 companies and startups, including those belonging to Fortune 100 companies.

“Beyond just secrets, code execution results in Python notebooks should be generally treated as sensitive,” researchers Shay Berkovich and Rami McCarthy said. “Their content, if correlated to a developer’s organization, can provide reconnaissance details for malicious actors.”

Jun 24, 2025Ravie LakshmananMalware / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT.

BEARDSHELL, per CERT-UA, is written in C++ and offers the ability to download and execute PowerShell scripts, as well as upload the results of the execution back to a remote server over the Icedrive API.

The agency said it first observed BEARDSHELL, alongside a screenshot-taking tool named SLIMAGENT, as part of incident response efforts in March-April 2024 in a Windows computer.

While at that time, there were no details available on how the infection took place, the agency said it received threat intelligence from ESET more than a year later that detected evidence of unauthorized access to a “gov.ua” email account.

The exact nature of the information shared was not disclosed, but it likely pertains to a report from the Slovak cybersecurity company last month that detailed APT28’s exploitation of cross-site scripting (XSS) vulnerabilities in various webmail software such as Roundcube, Horde, MDaemon, and Zimbra to breach Ukrainian government entities.

Further investigation triggered as a result of this discovery unearthed crucial evidence, including the initial access vector used in the 2024 attack, as well as the presence of BEARDSHELL and a malware framework dubbed COVENANT.

Specifically, it has come to light that the threat actors are sending messages on Signal to deliver a macro-laced Microsoft Word document (“Акт.doc”), which, when launched, drops two payloads: A malicious DLL (“ctec.dll”) and a PNG image (“windows.png”).

The embedded macro also makes Windows Registry modifications to ensure that the DLL is launched when the File Explorer (“explorer.exe”) is launched the next time. The primary task of the DLL is to load the shellcode from the PNG file, resulting in the execution of the memory-resident COVENANT framework.

COVENANT subsequently downloads two more intermediate payloads that are designed to launch the BEARDSHELL backdoor on the compromised host.

To mitigate potential risks associated with the threat, state organizations are recommended to keep an eye on network traffic associated with the domains “app.koofr[.]net” and “api.icedrive[.]net.”

The disclosure comes as CERT-UA revealed APT28’s targeting of outdated Roundcube webmail instances in Ukraine to deliver exploits for CVE-2020-35730, CVE-2021-44026, and CVE-2020-12641 via phishing emails that ostensibly contain text about news events but weaponize these flaws to execute arbitrary JavaScript.

The email “contained a content bait in the form of an article from the publication ‘NV’ (nv.ua), as well as an exploit for the Roundcube XSS vulnerability CVE-2020-35730 and the corresponding JavaScript code designed to download and run additional JavaScript files: ‘q.js’ and ‘e.js,’” CERT-UA said.

“E.js” ensures the creation of a mailbox rule for redirecting incoming emails to a third-party email address, in addition to exfiltrating the victim’s address book and session cookies via HTTP POST requests. On the other hand, “q.js” features an exploit for an SQL injection flaw in Roundcube (CVE-2021-44026) that’s used to gather information from the Roundcube database.

CERT-UA said it also discovered a third JavaScript file named “c.js” that includes an exploit for a third Roundcube flaw (CVE-2020-12641) to execute arbitrary commands on the mail server. In all, similar phishing emails were sent to the email addresses of more than 40 Ukrainian organizations.

Jun 24, 2025Ravie LakshmananData Protection / Mobile Security

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns.

The development was first reported by Axios.

The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app’s security.

“The Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use,” the CAO said in a memo, according to Axios.

To that end, House staff are prohibited from downloading the app on any device issued by the government, including its mobile, desktop, or web browser versions.

WhatsApp has pushed back against these concerns, stating messages sent on the platform are end-to-end encrypted by default, and that it offers a “higher level” of security than most of the apps on CAO’s approved list.

“We disagree with the House Chief Administrative Officer’s characterization in the strongest possible terms,” Meta’s Communication Director Andy Stone said in a post on social media site X.

“We know members and their staffs regularly use WhatsApp and we look forward to ensuring members of the House can join their Senate counterparts in doing so officially.”

As “acceptable” alternatives, the CAO’s message has recommended that the staff use apps like Microsoft Teams, Amazon’s Wickr, Signal, and Apple’s iMessage and FaceTime. WhatsApp is the latest app to be banned by the House after TikTok, OpenAI ChatGPT, and DeepSeek.

Last week, the Meta-owned messaging app said it’s bringing ads in an effort to monetize the platform, but emphasized they are done in a manner without sacrificing user privacy.

Jun 24, 2025Ravie LakshmananCyber Espionage / Chinese Hackers

The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign.

The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0) to access configuration files from three network devices registered to a Canadian telecommunications company in mid-February 2025.

The threat actors are also said to have modified at least one of the files to configure a Generic Routing Encapsulation (GRE) tunnel, enabling traffic collection from the network. The name of the targeted company was not disclosed.

Stating that the targeting likely goes beyond the telecommunications sector, the agencies said the targeting of Canadian devices may permit the threat actors to collect information from the compromised networks and use them as leverage to breach additional devices.

“In some cases, we assess that the threat actors’ activities were very likely limited to network reconnaissance,” per the alert.

The agencies further pointed out that edge network devices continue to be an attractive target for Chinese state-sponsored threat actors looking to breach and maintain persistent access to telecom service providers.

The findings dovetail with an earlier report from Recorded Future that detailed the exploitation of CVE-2023-20198 and CVE-2023-20273 to infiltrate telecom and internet firms in the U.S., South Africa, and Italy, and leveraging the footholds to set up GRE tunnels for long-term access and data exfiltration.

U.K. NCSC Warns of SHOE RACK and UMBRELLA STAND Malware Targeting Fortinet Devices

The development comes as the U.K. National Cyber Security Centre (NCSC) revealed two different malware families dubbed SHOE RACK and UMBRELLA STAND that have been found targeting FortiGate 100D series firewalls made by Fortinet.

While SHOE RACK is a post-exploitation tool for remote shell access and TCP tunneling through a compromised device, UMBRELLA STAND is designed to run shell commands issued from an attacker-controlled server.

Interestingly, SHOE RACK is partly based on a publicly available tool named reverse_shell, which, coincidentally, has also been repurposed by a China-nexus threat cluster called PurpleHaze to devise a Windows implant codenamed GoReShell. It’s currently not clear if these activities are related.

The NCSC said it identified some similarities between UMBRELLA STAND and COATHANGER, a backdoor that was previously put to use by Chinese state-backed hackers in a cyber attack aimed at a Dutch armed forces network.

Jun 23, 2025Ravie LakshmananHacktivism / Cyber Warfare

The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025.

Stating that the ongoing conflict has created a “heightened threat environment” in the country, the Department of Homeland Security (DHS) said in a bulletin that cyber actors are likely to target U.S. networks.

“Low-level cyber attacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks,” the DHS said.

“Both hacktivists and Iranian government-affiliated actors routinely target poorly secured U.S. networks and Internet-connected devices for disruptive cyber attacks.”

The development comes after U.S. President Donald Trump announced that the U.S. military had conducted a bombing attack on three Iranian nuclear facilities at Fordo, Natanz, and Isfahan. Trump described the strikes as a “spectacular military success” and warned of “far greater” attacks if Tehran does not make peace.

The Iran-Israel war of 2025 has triggered a maelstrom in cyberspace, what with hacktivist groups aligned with the two nations targeting the other.

In response to the U.S. military strikes, a pro-Iranian group named Team 313 claimed it took down Trump’s Truth Social platform in a distributed denial-of-service (DDoS) attack.

Jun 23, 2025Ravie LakshmananLLM Security / AI Security

Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place.

“Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirect references, semantic steering, and multi-step inference,” NeuralTrust researcher Ahmad Alobaid said in a report shared with The Hacker News.

“The result is a subtle yet powerful manipulation of the model’s internal state, gradually leading it to produce policy-violating responses.”

While LLMs have steadily incorporated various guardrails to combat prompt injections and jailbreaks, the latest research shows that there exist techniques that can yield high success rates with little to no technical expertise.

It also serves to highlight a persistent challenge associated with developing ethical LLMs that enforce clear demarcation between what topics are acceptable and not acceptable.

While widely-used LLMs are designed to refuse user prompts that revolve around prohibited topics, they can be nudged towards eliciting unethical responses as part of what’s called a multi-turn jailbreaking.

In these attacks, the attacker starts with something innocuous and then progressively asks a model a series of increasingly malicious questions that ultimately trick it into producing harmful content. This attack is referred to as Crescendo.

LLMs are also susceptible to many-shot jailbreaks, which take advantage of their large context window (i.e., the maximum amount of text that can fit within a prompt) to flood the AI system with several questions (and answers) that exhibit jailbroken behavior preceding the final harmful question. This, in turn, causes the LLM to continue the same pattern and produce harmful content.

Echo Chamber, per NeuralTrust, leverages a combination of context poisoning and multi-turn reasoning to defeat a model’s safety mechanisms.

Echo Chamber Attack

“The main difference is that Crescendo is the one steering the conversation from the start while the Echo Chamber is kind of asking the LLM to fill in the gaps and then we steer the model accordingly using only the LLM responses,” Alobaid said in a statement shared with The Hacker News.

Specifically, this plays out as a multi-stage adversarial prompting technique that starts with a seemingly-innocuous input, while gradually and indirectly steering it towards generating dangerous content without giving away the end goal of the attack (e.g., generating hate speech).

“Early planted prompts influence the model’s responses, which are then leveraged in later turns to reinforce the original objective,” NeuralTrust said. “This creates a feedback loop where the model begins to amplify the harmful subtext embedded in the conversation, gradually eroding its own safety resistances.”

In a controlled evaluation environment using OpenAI and Google’s models, the Echo Chamber attack achieved a success rate of over 90% on topics related to sexism, violence, hate speech, and pornography. It also achieved nearly 80% success in the misinformation and self-harm categories.

“The Echo Chamber Attack reveals a critical blind spot in LLM alignment efforts,” the company said. “As models become more capable of sustained inference, they also become more vulnerable to indirect exploitation.”

The disclosure comes as Cato Networks demonstrated a proof-of-concept (PoC) attack that targets Atlassian’s model context protocol (MCP) server and its integration with Jira Service Management (JSM) to trigger prompt injection attacks when a malicious support ticket submitted by an external threat actor is processed by a support engineer using MCP tools.

The cybersecurity company has coined the term “Living off AI” to describe these attacks, where an AI system that executes untrusted input without adequate isolation guarantees can be abused by adversaries to gain privileged access without having to authenticate themselves.

“The threat actor never accessed the Atlassian MCP directly,” security researchers Guy Waizel, Dolev Moshe Attiya, and Shlomo Bamberger said. “Instead, the support engineer acted as a proxy, unknowingly executing malicious instructions through Atlassian MCP.”

Jun 23, 2025Ravie LakshmananCyber Espionage / Vulnerability

Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in March 2025.

The attack chains are said to have leveraged a collection of Windows shortcut (LNK) files as part of a multi-stage procedure to deploy the malware, French cybersecurity company HarfangLab said.

XDSpy is the name assigned to a cyber espionage that’s known to target government agencies in Eastern Europe and the Balkans since 2011. It was first documented by the Belarusian CERT in early 2020.

In recent years, companies in Russia and Moldova have been targeted by various campaigns to deliver malware families like UTask, XDDown, and DSDownloader that can download additional payloads and steal sensitive information from compromised hosts.

HarfangLab said it observed the threat actor leveraging a remote code execution flaw in Microsoft Windows that’s triggered when processing specially crafted LNK files. The vulnerability (ZDI-CAN-25373) was publicly disclosed by Trend Micro earlier this March.

“Crafted data in an LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface,” Trend Micro’s Zero Day Initiative (ZDI) said at the time. “An attacker can leverage this vulnerability to execute code in the context of the current user.”

Further analysis of the LNK file artifacts that exploit ZDI-CAN-25373 has uncovered a smaller subset comprising nine samples, which take advantage of an LNK parsing confusion flaw stemming as a result of Microsoft not implementing its own MS-SHLLINK specification (version 8.0).

According to the spec, the maximum theoretical limit for the length of a string within LNK files is the greatest integer value that can be encoded within two bytes (i.e., 65,535 characters). However, the actual Windows 11 implementation limits the total stored text content to 259 characters with the exception of command-line arguments.

“This leads to confusing situations, where some LNK files are parsed differently per specification and in Windows, or even that some LNK files which should be invalid per specification are actually valid to Microsoft Windows,” HarfangLab said.

“Because of this deviation from the specification, one can specifically craft an LNK file which seemingly executes a certain command line or even be invalid according to third party parsers implementing the specification, while executing another command line in Windows.”

A consequence of combining the whitespace padding issue with the LNK parsing confusion is that it can be leveraged by attackers to hide the command that’s being executed on both Windows UI and third-party parsers.

The nine LNK files are said to have been distributed within ZIP archives, with each of the latter containing a second ZIP archive that includes a decoy PDF file, a legitimate but renamed executable, and a rogue DLL that’s sideloaded via the binary.

It’s worth noting this attack chain was documented by BI.ZONE late last month as conducted by a threat actor it tracks as Silent Werewolf to infect Moldovan and Russian companies with malware.

The DLL is a first-stage downloader dubbed ETDownloader that, in turn, is likely meant to deploy a data collection implant referred to as XDigo based on infrastructure, victimology, timing, tactics, and tooling overlaps. XDigo is assessed to be a newer version of malware (“UsrRunVGA.exe”) that was detailed by Kaspersky in October 2023.

XDigo is a stealer that can harvest files, extract clipboard content, and capture screenshots. It also supports commands to execute a command or binary retrieved from a remote server over HTTP GET requests. Data exfiltration occurs via HTTP POST requests.

At least one confirmed target has been identified in the Minsk region, with other artifacts suggesting the targeting of Russian retail groups, financial institutions, large insurance companies, and governmental postal services.

“This targeting profile aligns with XDSpy’s historical pursuit of government entities in Eastern Europe and Belarus in particular,” HarfangLab said.

“XDSpy’s focus is also demonstrated by its customized evasion capabilities, as their malware was reported as the first malware attempting to evade detection from PT Security’s Sandbox solution, a Russian cybersecurity company providing service to public and financial organizations in the Russian Federation.”

It sure is a hard time to be a SOC analyst.

Every day, they are expected to solve high-consequence problems with half the data and twice the pressure. Analysts are overwhelmed—not just by threats, but by the systems and processes in place that are meant to help them respond. Tooling is fragmented. Workflows are heavy. Context lives in five places, and alerts never slow down. What started as a fast-paced, high-impact role has, for many analysts, become a repetitive loop of alert triage and data wrangling that offers little room for strategy or growth.

Most SOC teams also run lean. Last year, our annual SANS SOC Survey found that a majority of SOCs only consist of just 2–10 full-time analysts, a number unchanged since the survey began tracking in 2017. Meanwhile, the scope of coverage has exploded, ranging from on-prem infrastructure to cloud environments, remote endpoints, SaaS platforms, and beyond. Compounded at scale, this has led to systemic burnout across SOC environments—a legitimate business risk that hinders your organization’s ability to defend itself.

Addressing the issue isn’t a matter of simply increasing headcount. The longer we treat burnout as a people problem, the longer we ignore what’s really going wrong inside the SOC. The challenge at hand demands a shift in how SOC work is designed and executed, as well as how analysts are positioned for success.

Enter artificial intelligence (AI). AI implementation at scale offers a practical path forward here by optimizing parts of the job that push analysts toward the door: the repetitive steps, the cognitive overhead, and the lack of visible progress. From streamlining inefficient workflows and supporting skill development to facilitating more impactful team-wide oversight, AI can open wider avenues for making SOC work more sustainable.

Reducing Alert Fatigue and Repetitive Load with Smarter Automation

A constant stream of low-context alerts is one of the fastest ways to drain a SOC team. In the SANS SOC Survey, 38% of organizations reported ingesting all available data into their SIEM. While that may expand visibility, it also floods analysts with low-priority noise. And without strong correlation logic or cross-platform integration, assembling a full picture still falls on the analyst. They’re left chasing indicators across disjointed systems, piecing together context manually, and deciding whether escalation is even necessary. It’s inefficient, exhausting, and unsustainable.

SOC teams have been automating tasks for years, but most of that automation has relied on brittle logic like rigid playbooks and static SOAR flows that break down as soon as the scenario deviates from the expected. AI changes that. AI-powered automation can relieve that pressure by acting as a uniquely powerful contextual aggregator and investigative assistant. When paired with capabilities like those enabled by the new Model Context Protocol (MCP), language models can integrate telemetry, threat intelligence, asset metadata, and user history into a single view, tailoring it to each unique situation the analyst faces. This gives analysts enriched, case-specific summaries instead of raw events. Clarity replaces guesswork. Response decisions happen faster and with greater confidence—two things that directly reduce burnout.

The key here is that, unlike SOAR, AI enables adaptive automation and even makes it easily accessible via an LLM interface. With AI agents and new standards like MCP and Agent2Agent protocol, a future is now here where analysts can describe what needs to happen in plain language, and the system can dynamically build the automation, deciding which tasks need to be performed and the best way to complete them. Whether it’s retrieving data, correlating signals, or coordinating a response, AI can adjust in real time based on context. That flexibility matters, especially when investigation paths aren’t always clear or linear.

Building Analyst Confidence Through Smarter Feedback

Burnout doesn’t only come from long hours. Sometimes it stems from stagnation—doing the same work without growing or getting meaningful feedback. If an analyst doesn’t see progress, frustration takes root quickly. This is an area where AI can offer real support. It allows analysts to refine their own work on the fly—tuning detection logic, troubleshooting false positives, and generating better queries with fast, targeted suggestions. Real-time feedback like this is especially valuable for newer analysts, but even experienced team members benefit from the ability to pressure-test their approach without waiting for peer review.

These interactions support what researchers call deliberate practice: focused repetition paired with immediate, actionable feedback. That is worth its weight in gold when it comes to retention. According to the SANS SOC Survey, “meaningful work” and “career progression” were ranked as the top two factors in analyst retention—above compensation. Teams that embed growth into the day-to-day workflow are more likely to keep their people. AI can’t replace human mentorship, but it can help replicate some of its most meaningful effects at scale.

Helping SOC Leaders Manage and Strengthen Their Teams

SOC leaders have a direct influence on reducing burnout. However, a lack of time and visibility is often their biggest obstacle for making a positive impact. Performance data such as case load, note quality, investigation depth, and response times is scattered across platforms and investigations. Without a way to synthesize it, managers are left guessing who’s struggling and why.

AI makes that analysis possible. With access to case management and workflow data, models can surface performance trends: which analysts consistently handle certain threat types well, where errors cluster, or when quality is starting to dip. That insight allows managers to coach more effectively and assign work based on capability, not just availability. It also gives them the chance to intervene early. Burnout doesn’t announce itself. It builds slowly, often out of sight. But with the right signals—flagging overload, spotting skill gaps, noticing drop-offs in case quality—leaders can take action before problems become exits.

Over time, that kind of targeted support reshapes team culture. Performance improves, retention stabilizes, and analysts are more likely to stay and grow in roles where they feel seen, supported, and set up to succeed.

Let’s Continue the Conversation at SANS Network Security 2025

SOC burnout rarely shows up all at once. It builds through repetition without learning, pressure without progress, and effort without impact. AI won’t remove every stressor in the SOC, but it can help alleviate friction where it matters most.

If this topic resonates, join me at SANS Network Security 2025 this September in Las Vegas. I’ll be leading sessions on building healthier, more effective SOCs—including how to apply AI to reduce burnout, streamline workflows, and support analyst growth in real-world environments.

Register for SANS Network Security 2025 (Sept. 22-27, 2025) here.

Note: This article was expertly written and contributed by John Hubbard, SANS Senior Instructor. Learn more about his background and courses here.

Note: This article was written and contributed by John Hubbard, Senior Instructor at the SANS Institute.

Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems.

“Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources,” Google’s GenAI security team said.

These external sources can take the form of email messages, documents, or even calendar invites that trick the AI systems into exfiltrating sensitive data or performing other malicious actions.

The tech giant said it has implemented what it described as a “layered” defense strategy that is designed to increase the difficulty, expense, and complexity required to pull off an attack against its systems.

These efforts span model hardening, introducing purpose-built machine learning (ML) models to flag malicious instructions and system-level safeguards. Furthermore, the model resilience capabilities are complemented by an array of additional guardrails that have been built into Gemini, the company’s flagship GenAI model.

These include –

• Prompt injection content classifiers, which are capable of filtering out malicious instructions to generate a safe response
• Security thought reinforcement, which inserts special markers into untrusted data (e.g., email) to ensure that the model steers away from adversarial instructions, if any, present in the content, a technique called spotlighting.
• Markdown sanitization and suspicious URL redaction, which uses Google Safe Browsing to remove potentially malicious URLs and employs a markdown sanitizer to prevent external image URLs from being rendered, thereby preventing flaws like EchoLeak
• User confirmation framework, which requires user confirmation to complete risky actions
• End-user security mitigation notifications, which involve alerting users about prompt injections

However, Google pointed out that malicious actors are increasingly using adaptive attacks that are specifically designed to evolve and adapt with automated red teaming (ART) to bypass the defenses being tested, rendering baseline mitigations ineffective.

“Indirect prompt injection presents a real cybersecurity challenge where AI models sometimes struggle to differentiate between genuine user instructions and manipulative commands embedded within the data they retrieve,” Google DeepMind noted last month.

“We believe robustness to indirect prompt injection, in general, will require defenses in depth – defenses imposed at each layer of an AI system stack, from how a model natively can understand when it is being attacked, through the application layer, down into hardware defenses on the serving infrastructure.”

The development comes as new research has continued to find various techniques to bypass a large language model’s (LLM) safety protections and generate undesirable content. These include character injections and methods that “perturb the model’s interpretation of prompt context, exploiting over-reliance on learned features in the model’s classification process.”

Another study published by a team of researchers from Anthropic, Google DeepMind, ETH Zurich, and Carnegie Mellon University last month also found that LLMs can “unlock new paths to monetizing exploits” in the “near future,” not only extracting passwords and credit cards with higher precision than traditional tools, but also to devise polymorphic malware and launch tailored attacks on a user-by-user basis.

The study noted that LLMs can open up new attack avenues for adversaries, allowing them to leverage a model’s multi-modal capabilities to extract personally identifiable information and analyze network devices within compromised environments to generate highly convincing, targeted fake web pages.

At the same time, one area where language models are lacking is their ability to find novel zero-day exploits in widely used software applications. That said, LLMs can be used to automate the process of identifying trivial vulnerabilities in programs that have never been audited, the research pointed out.

According to Dreadnode’s red teaming benchmark AIRTBench, frontier models from Anthropic, Google, and OpenAI outperformed their open-source counterparts when it comes to solving AI Capture the Flag (CTF) challenges, excelling at prompt injection attacks but struggled when dealing with system exploitation and model inversion tasks.

“AIRTBench results indicate that although models are effective at certain vulnerability types, notably prompt injection, they remain limited in others, including model inversion and system exploitation – pointing to uneven progress across security-relevant capabilities,” the researchers said.

“Furthermore, the remarkable efficiency advantage of AI agents over human operators – solving challenges in minutes versus hours while maintaining comparable success rates – indicates the transformative potential of these systems for security workflows.”

That’s not all. A new report from Anthropic last week revealed how a stress-test of 16 leading AI models found that they resorted to malicious insider behaviors like blackmailing and leaking sensitive information to competitors to avoid replacement or to achieve their goals.

“Models that would normally refuse harmful requests sometimes chose to blackmail, assist with corporate espionage, and even take some more extreme actions, when these behaviors were necessary to pursue their goals,” Anthropic said, calling the phenomenon agentic misalignment.

“The consistency across models from different providers suggests this is not a quirk of any particular company’s approach but a sign of a more fundamental risk from agentic large language models.”

These disturbing patterns demonstrate that LLMs, despite the various kinds of defenses built into them, are willing to evade those very safeguards in high-stakes scenarios, causing them to consistently choose “harm over failure.” However, it’s worth pointing out that there are no signs of such agentic misalignment in the real world.

“Models three years ago could accomplish none of the tasks laid out in this paper, and in three years models may have even more harmful capabilities if used for ill,” the researchers said. “We believe that better understanding the evolving threat landscape, developing stronger defenses, and applying language models towards defenses, are important areas of research.”

Not every risk looks like an attack. Some problems start as small glitches, strange logs, or quiet delays that don’t seem urgent—until they are. What if your environment is already being tested, just not in ways you expected?

Some of the most dangerous moves are hidden in plain sight. It’s worth asking: what patterns are we missing, and what signals are we ignoring because they don’t match old playbooks?

This week’s reports bring those quiet signals into focus—from attacks that bypassed MFA using trusted tools, to supply chain compromises hiding behind everyday interfaces. Here’s what stood out across the cybersecurity landscape:

⚡ Threat of the Week

Cloudflare Blocks Massive 7.3 Tbps DDoS Attack — Cloudflare said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, the company said, targeted an unnamed hosting provider and delivered 37.4 terabytes in 45 seconds. It originated from over 122,145 source IP addresses spanning 5,433 Autonomous Systems (AS) across 161 countries. The top sources of attack traffic included Brazil, Vietnam, Taiwan, China, Indonesia, Ukraine, Ecuador, Thailand, the United States, and Saudi Arabia.

• Patched Google Chrome Flaw Exploited by TaxOff — A threat actor known as TaxOff exploited CVE-2025-2783, a now-patched security flaw in Google Chrome, as a zero-day in mid-March 2025 to target Russian organizations with a backdoor codenamed Trinper. The attacks share overlaps with another threat activity cluster dubbed Team46, which is believed to have been active since early 2024 and has leveraged another zero-day vulnerability in Yandex Browser for Windows in the past to deliver unspecified payloads.
• North Korea Employs Deepfakes in New Fake Zoom Scam — Threat actors with ties to North Korea targeted an unnamed employee of a cryptocurrency foundation with deceptive Zoom calls featuring deepfaked company executives to trick them into downloading malware. Cybersecurity company Huntress, which responded to the incident, said it discovered eight distinct malicious binaries on the victim host that are capable of running commands, dropping additional payloads, logging keystrokes, and stealing cryptocurrency-related files.
• Russian Threat Actors Use App Passwords to Bypass MFA — Russian threat actors tracked as UNC6293 have been found to bypass multi-factor authentication (MFA) and access Gmail accounts of targeted individuals by leveraging app-specific passwords in skilfully-crafted social engineering attacks that impersonate U.S. Department of State officials. The attacks, which started in at least April and continued through the beginning of June, are notable for their efforts to build trust with victims over weeks, instead of inducing a false sense of urgency and rushing them into taking unintended actions. The end goal of the attacks is to persuade the recipients to create and share app-specific passwords that would provide access to their Gmail accounts.
• Godfather Trojan Creates Sandbox on Infected Android Devices — A new version of the Godfather banking trojan has been found to create isolated virtual environments on Android devices to steal account data and transactions from legitimate banking apps. While the malware has been active since June 2021, the latest iteration takes its information-stealing capabilities to a whole new level through the deployment of a malicious app containing an embedded virtualization framework on infected devices, which is used to run copies of the targeted applications. Thus, when a user launches a banking app, they are redirected to the virtualized instance, from where sensitive data is stolen. The malware also displays a fake lock screen overlay to trick the victim into entering their PIN.
• Israel-Iran Conflict Sparks Surge in Cyber Warfare — The Israel-Iran conflict that started with Israeli attacks on Iranian nuclear and military targets on June 13 has triggered a wider cyber conflict in the region, with hacktivist groups and ideologically motivated actors targeting both nations. Notable among them, the pro-Israel threat group known as Predatory Sparrow breached Bank Sepah and Nobitex, claiming they have been used to circumvent international sanctions. Predatory Sparrow has been publicly linked to attacks targeting an Iranian steel production facility in 2022 and for causing outages at gas station payment systems across the country in 2021. Furthermore, Iran’s state-owned TV broadcaster was hacked to interrupt regular programming and air videos calling for street protests against the Iranian government. Nearly three dozen pro-Iranian groups are estimated to have launched coordinated attacks against Israeli infrastructure. These acts represent another escalation of the use of cyber attacks during (and as a precursor to) geopolitical conflicts, while also underscoring the growing importance of cyber-augmented warfare.

‎️‍🔥 Trending CVEs

Attackers love software vulnerabilities – they’re easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week’s critical vulnerabilities you need to know about. Take a look, update your software promptly, and keep attackers locked out.

This week’s list includes — CVE-2025-34509, CVE-2025-34510, CVE-2025-34511 (Sitecore XP), CVE-2025-6018, CVE-2025-6019, CVE-2025-6020 (Linux), CVE-2025-23121 (Veeam Backup & Replication), CVE-2025-3600 (Progress Telerik UI for AJAX), CVE-2025-3464 (ASUS Armoury Crate), CVE-2025-5309 (BeyondTrust Remote Support and Privileged Remote Access), CVE-2025-5349, CVE-2025-5777 (Citrix ADC and Gateway), CVE-2025-5071 (AI Engine plugin), CVE-2025-4322 (Motors theme), CVE-2025-1087 (Insomnia API Client), CVE-2025-20260 (ClamAV), CVE-2025-32896 (Apache SeaTunnel), CVE-2025-50054 (OpenVPN), and CVE-2025-1907 (Instantel Micromate).

📰 Around the Cyber World

• Prometei Botnet Resurgence in March 2025 — The botnet known as Prometei has been observed in renewed attacks in March 2025, while also incorporating new features. “The latest Prometei versions feature a backdoor that enables a variety of malicious activities. Threat actors employ a domain generation algorithm (DGA) for their command-and-control (C2) infrastructure and integrate self-updating features for stealth and evasion,” Palo Alto Networks Unit 42 said. Prometei, first spotted in July 2020, is capable of striking both Windows and Linux systems for cryptocurrency mining, credential theft, and data exfiltration. It can also deploy additional malware payloads. In recent years, it has exploited Windows systems unpatched against ProxyLogon flaws. As of March 2023, it was estimated to have compromised more than 10,000 systems since November 2022. “This modular design makes Prometei highly adaptable, as individual components can be updated or replaced without affecting the overall botnet functionality,” Unit 42 said.
• BitoPro Hack Linked to Lazarus Group — Taiwanese cryptocurrency exchange BitoPro claimed the North Korean hacking group Lazarus is behind a cyber attack that led to the theft of $11,000,000 worth of cryptocurrency on May 9, 2025. “The attack methodology bears resemblance to patterns observed in multiple past international major incidents, including illicit transfers from global bank SWIFT systems and asset theft incidents from major international cryptocurrency exchanges. These attacks are attributed to the North Korean hacking organization ‘Lazarus Group,’” the company said. BitPro also revealed the attackers conducted a social engineering attack on a team member responsible for cloud operations to implant malware and remotely access their computer, while evading security monitoring. “They subsequently hijacked AWS Session Tokens to bypass Multi-Factor Authentication (MFA),” it added. “From the AWS environment, they delivered commands via a C2 server to discreetly transfer malicious scripts to the hot wallet host, awaiting an opportunity to launch the attack. After prolonged observation, the hackers specifically targeted the platform during its wallet system upgrade and asset transfer period, simulating normal operational behaviors to launch the attack.” On May 9, the malicious script was executed to transfer cryptocurrency from the hot wallet. BitPro said it shut down its hot wallet system, rotated all cryptographic keys, and isolated and rebuilt affected systems after discovering unusual wallet activity. The heist is the latest to be attributed to the notorious Lazarus Group, which was implicated in the record-breaking $1.5 billion theft from Bybit.
• Microsoft Plans to Clean Up Legacy Drivers — Microsoft said it’s launching a “strategic initiative” to periodically clean up legacy drivers published on Windows Update to reduce security and compatibility risks. “The rationale behind this initiative is to ensure that we have the optimal set of drivers on Windows Update that cater to a variety of hardware devices across the Windows ecosystem, while making sure that Microsoft Windows security posture is not compromised,” the company said. “This initiative involves periodic cleanup of drivers from Windows Update, thereby resulting in some drivers not being offered to any systems in the ecosystem.”
• Mocha Manakin Uses ClickFix to Deliver Node.js Backdoor — A previously undocumented threat actor known as Mocha Manakin has been linked to a new set of attacks that leverage the well-known ClickFix (aka Paste and run or fakeCAPTCHA) as an initial access technique to drop a bespoke Node.js backdoor codenamed NodeInitRAT. “NodeInitRAT allows the adversary to establish persistence and perform reconnaissance activities, such as enumerating principal names and gathering domain details,” Red Canary said. “NodeInitRAT communicates with adversary-controlled servers over HTTP, often through Cloudflare tunnels acting as intermediary infrastructure.” The backdoor comes with capabilities to execute arbitrary commands and deploy additional payloads on compromised systems. The threat actor was first observed by the cybersecurity company in January 2025. It’s assessed that the backdoor overlaps with a Node.js executable used in Interlock ransomware attacks.
• China Targets Russia to Seek War Secrets — State-sponsored hackers from China have repeatedly broken into Russian companies and government agencies to likely look for military secrets since the country’s invasion of Ukraine in 2022. According to The New York Times, intrusions accelerated in May 2022, with one group known as Sanyo impersonating the email addresses of a major Russian engineering firm to gather information on nuclear submarines. In a classified document prepared by the domestic security agency, Russia is said to have claimed that “China is seeking Russian defense expertise and technology and is trying to learn from Russia’s military experience in Ukraine,” calling China an “enemy.” Another threat actor of interest is Mustang Panda, which has expanded its scope to target governmental organizations in Russia and the European Union post the Russo-Ukrainian war.
• CoinMarketCap Website Hacked With Fake “Verify Wallet” Pop-up — CoinMarketCap (CMC), a popular platform for cryptocurrency tracking, disclosed that its website was hacked to serve a “malicious pop-up prompting users to ‘Verify Wallet’” with the goal of draining users digital assets. While it’s currently not clear how the attackers carried out the attack, the company said it has since identified and removed the malicious code from its site. According to Coinspect Security, the drainer was injected via CoinMarketCap’s rotating “Doodles” feature that’s served from the domain api.coinmarketcap[.]com. “CoinMarketCap’s backend API serves manipulated JSON data that injects malicious JavaScript through the rotating ‘doodles’ feature,” the company said. “Not all users see it, since the doodle shown varies per visit. The injected wallet drainer always loads if you visit /doodles/.” Specifically, this involves loading the drainer from the “CoinmarketCLAP” doodle’s JSON file, exploiting a code injection vulnerability that exploits Lottie animation JSON files to inject arbitrary JavaScript from an external site named static.cdnkit[.]io. “On June 20, 2025, our security team identified a vulnerability related to a doodle image displayed on our homepage,” CoinMarketCap said. “This doodle image contained a link that triggered malicious code through an API call, resulting in an unexpected pop-up for some users when visited (sic) our homepage.” CoinMarketCap did not reveal how many users encountered the pop-up or whether any wallets were compromised. However, according to screenshots shared by a threat actor named ReyXBF on X, about $43,266 was siphoned from 110 victims who interacted with the fake wallet verification pop-up. “This was a supply chain attack, meaning the breach didn’t target CMC’s own servers but a third-party tool or resource used by CMC,” c/side said.
• Malicious JavaScript Served via Corrupted Version of jQuery Migrate — In another supply chain threat, cybersecurity researchers discovered a malware infection chain that employed a malicious version of a version of the jQuery Migrate library that had been altered to remotely insert and execute arbitrary JavaScript into the victim’s browser. The first step in the attack was the compromise of a legitimate WordPress site (“tabukchamber[.]sa”), likely either via a vulnerable plugin or compromised credentials, to inject obfuscated logic related to Parrot TDS, which is designed to fingerprint the browser and selectively serve malware to qualifying users based on certain criteria. In this case, one of the tailored JavaScript responses included a dropper script disguised as jquery-migrate-3.4.1.min.js. The attack, per Trellix, unfolded when a senior executive from one of its enterprise clients accessed the WordPress website. “This method of infection shows a well-planned, covert operation focused on blending malware into normal website behavior, leveraging the weakest link – unverified third-party frontend pipelines,” the company said.
• Tesla Wall Connector Hacked to Carry Out Downgrade Attacks — Researchers demonstrated an attack technique that exploited the Tesla Wall Connector, a charger for electric vehicles, to install vulnerable firmware on the device and ultimately execute arbitrary code on the device. The attack takes advantage of the fact that Tesla vehicles can update the charging connector through a charging cable using a proprietary protocol. Synacktiv said it pulled off a successful exploit in approximately 18 minutes due to the “low bandwidth of the SWCAN [Single-Wire Controller Area Network] bus.” To achieve this, a Tesla car simulator was built to communicate with the charger in SWCAN communication mode, enabling them to run the downgrade logic, use Unified Diagnostic Services (UDS) to extract Wi-Fi credentials, and obtain a debug shell. Furthermore, a buffer overflow in the debug shell’s command parsing logic could be exploited to achieve code execution on the device. “Since the Wall Connector is typically connected to a home, hotel, or business network, gaining access to the device could provide a foothold into the private network, potentially allowing lateral movement to other devices,” the company said. Tesla has addressed the issue by implementing an anti-downgrade mechanism, preventing the firmware rollback used in the attack.
• ASRJam Devised to Block Automated Phone Scams — A group of academics from Ben Gurion University of the Negev and Amrita Vishwa Vidyapeetham has developed a new framework called ASRJam that injects adversarial perturbations into a victim’s audio to disrupt an attacker’s Automatic Speech Recognition (ASR) system. Powered by a jamming algorithm dubbed EchoGuard, it leverages natural distortions, such as reverberation and echo, to counter speech recognition systems that are used by attackers to conduct vishing attacks and elicit sensitive information from victims or trick them into performing a malicious action. ASRJam “targets the weakest link in the attacker’s pipeline, speech recognition, disrupting LLM-driven vishing attacks without affecting human intelligibility,” according to the study.
• AnonSecKh Targets Thai Entities After Border Flare-Up — A Cambodian hacktivist group has ramped up cyber attacks against Thai entities following a border skirmish between the two countries late last month that led to the death of a Cambodian soldier. The AnonsecKh group (aka ANON-KH or Bl4ckCyb3r) claimed at least 73 attacks on Thai organizations between May 28 and June 10, 2025. Targets included government websites, followed by entities in the military, manufacturing, and finance sectors. “Their attacks are tightly linked to political incidents and demonstrate a reactive pattern,” Radware said. “The group has shown the ability to launch rapid and intense attack waves.”
• DoJ Seizes Record $225 Million in Crypto Tied to Romance Baiting Scams — The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint seeking to recover over $225 million in cryptocurrency linked to cryptocurrency confidence (aka romance baiting) scams running out of Vietnam and the Philippines, the largest crypto seizure by the U.S. government to date. “The cryptocurrency addresses that held over $225.3 million in cryptocurrency were part of a sophisticated blockchain-based money laundering network that executed hundreds of thousands of transactions and was used to disperse proceeds of cryptocurrency investment fraud across many cryptocurrency addresses and accounts on the blockchain to conceal the source of the illegally obtained funds,” the DoJ said. More than 430 suspected victims are believed to have lost their funds after being duped into believing that they were making legitimate cryptocurrency investments. According to TRM Labs, the scheme involved directing victims to fake investment platforms that impersonated legitimate trading environments, luring them with the promise of high returns. While these services enabled smaller withdrawals, they blocked access or imposed fake tax or fee requirements when victims initiated larger withdrawal requests. As many as 144 accounts at the virtual currency exchange OKX were used for laundering the proceeds of the operation. “These accounts exhibited patterns of coordinated activity, including the use of Vietnamese KYC documents, overlapping IP addresses geolocated in the Philippines, and KYC photographs taken in the same physical setting,” the company said.
• Nigerian National Sent to U.S. Prison for Cyber Scams — Ridwan Adeleke Adepoju, a 33-year-old from Lagos, Nigeria, has been sentenced to three and a half years in federal prison for conducting a variety of cyber fraud schemes that targeted U.S. citizens and businesses, including phishing scams, romance scams, and submitting fraudulent tax returns. “The scams involved multiple spoofed email addresses, fictional social media personas, and unwitting money mules,” the DoJ said. Adepoju was arrested last year in the U.K. and later extradited to the U.S.
• Malicious Firefox Browser Add-ons Spotted — Cybersecurity researchers have uncovered several add-ons in the official extensions marketplace for Mozilla Firefox that is capable of leading users to tech support scam websites through pop-ups related to fake virus alerts and system errors (Shell Shockers io), redirecting Wikipedia traffic to an alternative domain that advertises a proxy service (wikipedia engelsiz giris), and manipulating user engagement metrics on platforms like Facebook by artificially inflating likes and views.
• Smartphones in North Korea Take Screenshots Every 5 Minutes — A smartphone smuggled out of North Korea in late 2024 had been programmed such that it takes a screenshot every five minutes and saves it in a folder, highlighting the extent to which the regime tries to exert its control over citizens, censor information, and indoctrinate people. BBC, which obtained the phone, said the device is engineered to automatically replace forbidden words with their North Korean equivalents, such as substituting the word “South Korea” with the term “Puppet state.”
• U.K. Fines 23andMe for 2023 Data Breach — The U.K. data protection watchdog, the Information Commissioner’s Office (ICO), said it’s fining embattled genomics company 23andMe $3.1 million over its 2023 breach and for failing to implement appropriate security measures to protect the personal information of U.K. users. The 2023 hack allowed unidentified threat actors to conduct a credential stuffing attack between April and September 2023 to gain unauthorized access to personal information belonging to 155,592 U.K. residents, likely revealing names, birth years, self-reported city or postcode-level location, profile images, race, ethnicity, family trees, and health reports in the process. The exact nature of the exposed information varied on a per-user basis. The ICO faulted 23andMe for not implementing appropriate authentication and verification measures and for not enforcing controls over access to raw genetic data. It also said the company did not have effective systems in place to “monitor, detect, or respond to cyber threats targeting its customers’ sensitive information.” The ICO further said 23andMe took until the end of 2024 to sufficiently address the security issues that underpinned the credential-stuffing attack.
• More than 46K Grafana Instances Vulnerable to CVE-2025-4123 — More than 46,000 internet-facing Grafana instances are susceptible to a recently disclosed security flaw (CVE-2025-4123 aka The Grafana Ghost) that could permit an attacker to run arbitrary code and take control the victims’ accounts by luring them into clicking URLs that lead to loading a rogue Grafana plugin from a site controlled by the threat actor without requiring any elevated permissions. “The vulnerability also affects Grafana instances running locally by crafting a payload that takes advantage of the locally used domain name and port for the local service,” OX Security said. The disclosure comes as Censys revealed that there are nearly 400 web-based human-machine interfaces (HMIs) exposed to the internet, out of which 40 were fully unauthenticated and controllable by anyone with a browser. A majority of these systems have since been secured. On top of that, almost 35,000 solar power systems from 42 vendors have been detected as publicly exposing their management interfaces over the internet.
• Viasat Hacked by Salt Typhoon — U.S. satellite communications company Viasat has acknowledged that it was targeted by China-linked Salt Typhoon hackers. According to Bloomberg, the breach was discovered earlier this year. Viasat confirmed that it had detected unauthorized access through a compromised device, but said it had found no evidence of impact to customers.
• FreeType Zero-Day Exploited in Paragon Spyware Attacks — A security flaw in FreeType (CVE-2025-27363) was exploited as a zero-day in connection with a Paragon Graphite spyware attack that leveraged WhatsApp as a delivery vector, according to a report from SecurityWeek. In March, WhatsApp revealed that it disrupted a campaign that involved the use of Graphite spyware to target around 90 journalists and civil society members. The vulnerability was addressed by Google last month in Android.
• VADER to Detect and Neutralize Dead Drops — Threat actors are known to leverage legitimate and trusted platforms like Dropbox, Google Drive, and Pastebin as dead drop resolvers (DDRs) to host information that points to the actual command-and-control (C2) servers in a likely effort to sidestep detection and blend in with regular activity within enterprise networks. This also makes the malicious infrastructure more resilient, since the attackers can dynamically change the list of C2 servers, in case the original one is taken down. Enter VADER, short for Vulnerability Analysis for Dead Drop Endpoint Resolution, which aims to improve web application security through proactive Dead Drop Resolver remediation. “Analyzing a dataset of 100,000 malware samples collected in the wild, VADER identified 8,906 DDR malware samples from 110 families that leverage 273 dead drops across seven web applications,” academics from the Georgia Institute of Technology said. “Additionally, it proactively uncovered 57.1% more dead drops spanning 11 web applications.”

🎥 Cybersecurity Webinars

• They’re Faking Your Brand — Stop AI Impersonation Before It Spreads — AI attackers are pretending to be your company, your execs—even your employees. From fake emails to deepfakes, it’s happening fast. In this webinar, Doppel will show how to detect and stop impersonation across the platforms that matter most—before customers or partners are fooled. Join to protect your brand in the age of AI threats.
• AI Agents Are Leaking Data — Learn How to Fix It Fast — AI tools like ChatGPT and Copilot are often linked to Google Drive or SharePoint—but without the right settings, they can leak private files. In this webinar, experts from Sentra break down real examples of how data exposure happens—and what you can do right now to stop it. If your team is using AI, this is a must-watch before something slips through.

🔧 Cybersecurity Tools

• glpwnme — It is a simple, powerful tool to find and exploit known vulnerabilities in GLPI, a widely used IT asset management platform. It helps security teams and pen-testers detect issues like RCEs, plugin flaws, and default credentials across multiple GLPI versions. Ideal for red teaming, bug bounty, or internal audits, glpwnme also supports safe cleanup and plugin enumeration—making it perfect for fast, focused GLPI security checks.
• Debloat — It is a simple tool that removes junk data from bloated executables—often 100–800MB added to evade sandboxing. With both GUI and CLI support, it cleans inflated binaries in seconds using automated detection of common packing tricks. Used by platforms like AssemblyLine and MWDB, it’s ideal for malware analysts and CERT teams who need fast, reliable cleanup before deeper analysis.

Disclaimer: These newly released tools are for educational use only and haven’t been fully audited. Use at your own risk—review the code, test safely, and apply proper safeguards.

🔒 Tip of the Week

SCCM Can Be a Silent Domain Takeover Tool — Here’s How to Secure It ➝ Microsoft’s System Center Configuration Manager (SCCM) is a powerful tool for managing software and devices across an organization. But because it touches so many systems, it’s also a big security risk if not set up carefully. Attackers who get access to just one user or machine can use SCCM’s Client Push feature to run code remotely on other systems. This often works because SCCM uses service accounts (like Distribution Point or Network Access accounts) that have admin rights on many machines. And if your environment still allows NTLM authentication or unsigned SMB traffic, attackers can quietly hijack these connections using tools like ntlmrelayx or PetitPotam—without triggering alerts.

Many IT teams miss the fact that SCCM setups often rely on shared local admin accounts, allow automatic client installs, and still support outdated security protocols. These common missteps make it easy for attackers to move through your network without being seen. What’s worse, the SCCM database and SMS Provider server, which are central to pushing software and storing credentials, are rarely locked down properly—leaving attackers a clear path to take control.

To protect your network, start by turning off NTLM fallback and turning on SMB signing through Group Policy. Then check which accounts SCCM uses to install clients—remove admin rights where not needed, and rotate those credentials regularly. Make sure the SCCM database uses dedicated service accounts, limits who can connect to it, and monitors logs like ClientPushInstallation.log for anything suspicious. Use tools like LAPS or gMSA to manage local passwords safely, and place SCCM servers in their own network group behind a firewall.

Finally, be careful where you run the SCCM admin console. Avoid using it on everyday laptops or general-use machines. Instead, use a secure, locked-down system just for admin work, and add protections like Credential Guard or use the RunAs /netonly command to keep admin credentials safe. When SCCM is secured properly, it blocks one of the easiest paths attackers use to spread through your network. But if it’s left wide open, it can give them quiet access to almost everything.

Conclusion

If the signals feel louder lately, it’s because they are. Attackers are refining their moves, not reinventing them—and they’re counting on defenders being too busy to notice. Don’t give them that edge. Sharpen your controls, simplify where you can, and keep moving faster than the threat.

Security isn’t just a solo effort—it’s a shared responsibility. If this recap helped you spot something worth a second look, chances are someone else in your network needs to see it too. Share it with your team, peers, or anyone responsible for keeping systems safe. A single overlooked detail in one environment can become the blueprint for risk in another.